Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
genixcms genixcms vulnerabilities and exploits
(subscribe to this query)
7.3
CVSSv3
CVE-2016-10096
SQL injection vulnerability in register.php in GeniXCMS prior to 1.0.0 allows remote malicious users to execute arbitrary SQL commands via the activation parameter.
Genixcms Genixcms
5.3
CVSSv3
CVE-2017-14231
GeniXCMS prior to 1.1.0 allows remote malicious users to cause a denial of service (account blockage) by leveraging the mishandling of certain username substring relationships, such as the admin<script> username versus the admin username, related to register.php, User.class...
Genixcms Genixcms
NA
CVE-2015-2678
Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS prior to 0.0.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) cat parameter in the categories page to gxadmin/index.php or (2) page parameter to index.php.
Genixcms Genixcms
1 EDB exploit
NA
CVE-2015-2679
Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS prior to 0.0.2 allow remote malicious users to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php.
Genixcms Genixcms
1 EDB exploit
7.2
CVSSv3
CVE-2017-5346
SQL injection vulnerability in inc/lib/Control/Backend/posts.control.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to gxadmin/index.php.
Genixcms Genixcms 0.0.8
6.1
CVSSv3
CVE-2017-17431
GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, status, term, to, or token parameter. NOTE: this might overlap CVE-2017-14761, CVE-2017-14762, or CVE-2017-14765.
Genixcms Genixcms 1.1.5
9.1
CVSSv3
CVE-2017-8827
forgotpassword.php in GeniXCMS 1.0.2 lacks a rate limit, which might allow remote malicious users to cause a denial of service (login inability) or possibly conduct Arbitrary User Password Reset attacks via a series of requests.
Genixcms Genixcms 1.0.2
4.8
CVSSv3
CVE-2017-14740
Cross-site scripting (XSS) vulnerability in GeniXCMS 1.1.0 allows remote authenticated users to inject arbitrary web script or HTML via the Menu ID when adding a menu.
Genixcms Genixcms 1.1.0
6.1
CVSSv3
CVE-2017-14761
In GeniXCMS 1.1.4, /inc/lib/backend/menus.control.php has XSS via the id parameter.
Genixcms Genixcms 1.1.4
6.1
CVSSv3
CVE-2017-14762
In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS via the id parameter.
Genixcms Genixcms 1.1.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »